/**
 * Decide whether packet filtering (PF) is switched on for this context.
 *
 * Two sources can enable it, each compiled in separately:
 *  - PLUGIN_PF: if a plugin is registered for OPENVPN_PLUGIN_ENABLE_PF, a
 *    temp file is created under c->options.tmp_dir, its path is exported to
 *    the plugin as the "pf_file" environment variable, and the plugin is
 *    called. Only an OPENVPN_PLUGIN_FUNC_SUCCESS result enables PF.
 *  - MANAGEMENT_PF: consulted only when PF is still disabled at that point.
 *
 * NOTE(review): every failure path here (no temp file, plugin result other
 * than success) leaves c->c2.pf.enabled untouched and at most logs a
 * warning. If a deployment relies on PF as an access control, confirm the
 * caller does not treat "PF not enabled" as acceptable by default.
 *
 * @param c  Connection context; c->plugins, c->options.tmp_dir, c->c2.es,
 *           c->c2.gc and c->c2.pf are read and/or written.
 */
void
pf_init_context(struct context *c)
{
    struct gc_arena gc = gc_new();

#ifdef PLUGIN_PF
    /* The temp file is only created when a plugin asked for ENABLE_PF. */
    const char *pf_path = NULL;

    if (plugin_defined(c->plugins, OPENVPN_PLUGIN_ENABLE_PF))
    {
        /* NOTE(review): creation mode and lifetime of this file are decided
         * inside create_temp_file and are not visible here - confirm it is
         * created exclusively and with restrictive permissions. */
        pf_path = create_temp_file(c->options.tmp_dir, "pf", &gc);
    }

    if (pf_path)
    {
        /* The plugin learns the file location through its environment. */
        setenv_str(c->c2.es, "pf_file", pf_path);

        const int rc = plugin_call(c->plugins, OPENVPN_PLUGIN_ENABLE_PF,
                                   NULL, NULL, c->c2.es);

        if (rc != OPENVPN_PLUGIN_FUNC_SUCCESS)
        {
            /* Warn only: the session continues with PF left disabled. */
            msg(M_WARN, "WARNING: OPENVPN_PLUGIN_ENABLE_PF disabled");
        }
        else
        {
            /* presumably a 1-second reload period - TODO confirm units */
            event_timeout_init(&c->c2.pf.reload, 1, now);

            /* Copy the path into the context's arena: the local gc that
             * owns pf_path is released at the end of this function. */
            c->c2.pf.filename = string_alloc(pf_path, &c->c2.gc);
            c->c2.pf.enabled = true;
#ifdef ENABLE_DEBUG
            if (check_debug_level(D_PF_DEBUG))
            {
                pf_context_print(&c->c2.pf, "pf_init_context#1", D_PF_DEBUG);
            }
#endif
        }
    }
#endif /* ifdef PLUGIN_PF */

#ifdef MANAGEMENT_PF
    /* The management interface is asked only if no plugin enabled PF. */
    if (!c->c2.pf.enabled)
    {
        if (management_enable_pf(management))
        {
            c->c2.pf.enabled = true;
#ifdef ENABLE_DEBUG
            if (check_debug_level(D_PF_DEBUG))
            {
                pf_context_print(&c->c2.pf, "pf_init_context#2", D_PF_DEBUG);
            }
#endif
        }
    }
#endif

    gc_free(&gc);
}
/**
 * Invoke every plugin in the list for the given hook type and fold the
 * individual results into one status.
 *
 * Aggregation, in priority order:
 *  1. type == OPENVPN_PLUGIN_ENABLE_PF and at least one plugin succeeded
 *     -> OPENVPN_PLUGIN_FUNC_SUCCESS (errors from other plugins are ignored
 *     for this type only).
 *  2. any plugin returned something other than SUCCESS/DEFERRED
 *     -> OPENVPN_PLUGIN_FUNC_ERROR.
 *  3. any plugin returned DEFERRED -> OPENVPN_PLUGIN_FUNC_DEFERRED.
 *  4. otherwise -> OPENVPN_PLUGIN_FUNC_SUCCESS.
 *
 * When no plugin is registered for the type the function also returns
 * OPENVPN_PLUGIN_FUNC_SUCCESS. Callers that use the result as an
 * authorisation decision therefore have to check plugin_defined()
 * themselves, otherwise "nobody was asked" is indistinguishable from
 * "everybody agreed".
 *
 * @param pl   Plugin list to dispatch to.
 * @param type Hook type being dispatched.
 * @param av   Argument vector handed to each plugin.
 * @param pr   Optional result collector; initialised on entry and, if any
 *             plugin is registered for the type, pr->n is set to the loop
 *             index reached. May be NULL.
 * @param es   Environment set; "script_type" is removed from it before the
 *             environment array for the plugins is built.
 * @return     One of the OPENVPN_PLUGIN_FUNC_* values as described above.
 */
int
plugin_call_ssl (const struct plugin_list *pl,
                 const int type,
                 const struct argv *av,
                 struct plugin_return *pr,
                 struct env_set *es
#ifdef USE_SSL
                 , int certdepth,
                 x509_cert_t *current_cert
#endif
                )
{
  struct gc_arena gc;
  const char **env_array;
  int idx;
  int count;
  bool saw_success = false;
  bool saw_error = false;
  bool saw_deferred = false;

  if (pr)
    plugin_return_init (pr);

  /* Nothing registered for this hook: reported as success (see header). */
  if (!plugin_defined (pl, type))
    return OPENVPN_PLUGIN_FUNC_SUCCESS;

  gc = gc_new ();
  count = plugin_n (pl);

  /* script_type must be gone before the environment snapshot is taken,
     so plugins never see the value left by an earlier script run. */
  setenv_del (es, "script_type");
  env_array = make_env_array (es, false, &gc);

  /* NOTE(review): pr->list[idx] and per_client_context[idx] are indexed up
     to plugin_n(pl) with no bounds check in this function - assumes both
     arrays hold at least that many entries; confirm at the definitions. */
  for (idx = 0; idx < count; ++idx)
    {
      const int rc = plugin_call_item (&pl->common->plugins[idx],
                                       pl->per_client.per_client_context[idx],
                                       type,
                                       av,
                                       pr ? &pr->list[idx] : NULL,
                                       env_array
#ifdef USE_SSL
                                       , certdepth,
                                       current_cert
#endif
                                      );

      /* Every plugin is called; one failure does not stop the others. */
      if (rc == OPENVPN_PLUGIN_FUNC_SUCCESS)
        saw_success = true;
      else if (rc == OPENVPN_PLUGIN_FUNC_DEFERRED)
        saw_deferred = true;
      else
        saw_error = true;   /* any unrecognised status counts as an error */
    }

  if (pr)
    pr->n = idx;

  gc_free (&gc);

  /* ENABLE_PF is the one hook where a single success outweighs errors. */
  if (type == OPENVPN_PLUGIN_ENABLE_PF && saw_success)
    return OPENVPN_PLUGIN_FUNC_SUCCESS;

  if (saw_error)
    return OPENVPN_PLUGIN_FUNC_ERROR;

  if (saw_deferred)
    return OPENVPN_PLUGIN_FUNC_DEFERRED;

  return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
/*
 * Hand the tunnel endpoint and MTU parameters to the up/down plugins
 * and/or to a user-supplied script.
 *
 * The same values are published twice: as environment variables in es
 * ("signal", "script_context", "tun_mtu", "link_mtu", "dev", "dev_type")
 * and as positional arguments
 *   arg tun_mtu link_mtu ifconfig_local ifconfig_remote context
 * with missing ifconfig_local / ifconfig_remote / context replaced by "".
 *
 * Failure is fatal in both paths: a plugin result other than
 * OPENVPN_PLUGIN_FUNC_SUCCESS raises M_FATAL, and the script is run with
 * the S_FATAL flag.
 *
 * NOTE(review): "script_context" is exported before context is defaulted
 * to "", so a NULL context reaches setenv_str as NULL - presumably that
 * clears the variable; confirm against setenv_str.
 *
 * NOTE(review): command is run by openvpn_run_script with es passed along;
 * everything placed in es is presumably visible to that script, so callers
 * should treat es contents as exposed to whatever command names.
 */
void
run_up_down (const char *command,
             const struct plugin_list *plugins,
             int plugin_type,
             const char *arg,
             const char *dev_type,
             int tun_mtu,
             int link_mtu,
             const char *ifconfig_local,
             const char* ifconfig_remote,
             const char *context,
             const char *signal_text,
             const char *script_type,
             struct env_set *es)
{
  /* Arena is created and released here; no visible call in this function
     allocates from it. */
  struct gc_arena gc = gc_new ();

  /* --- environment for plugins and script --- */
  if (signal_text)
    {
      setenv_str (es, "signal", signal_text);
    }
  setenv_str (es, "script_context", context);
  setenv_int (es, "tun_mtu", tun_mtu);
  setenv_int (es, "link_mtu", link_mtu);
  setenv_str (es, "dev", arg);
  if (dev_type)
    {
      setenv_str (es, "dev_type", dev_type);
    }

  /* --- positional arguments never carry NULL --- */
  ifconfig_local = ifconfig_local ? ifconfig_local : "";
  ifconfig_remote = ifconfig_remote ? ifconfig_remote : "";
  context = context ? context : "";

  /* --- plugin hook --- */
  if (plugin_defined (plugins, plugin_type))
    {
      struct argv plugin_args = argv_new ();
      int rc;

      ASSERT (arg);
      argv_printf (&plugin_args,
                   "%s %d %d %s %s %s",
                   arg,
                   tun_mtu, link_mtu,
                   ifconfig_local, ifconfig_remote,
                   context);

      rc = plugin_call (plugins, plugin_type, &plugin_args, NULL, es);
      if (rc != OPENVPN_PLUGIN_FUNC_SUCCESS)
        {
          msg (M_FATAL, "ERROR: up/down plugin call failed");
        }

      argv_reset (&plugin_args);
    }

  /* --- user script --- */
  if (command)
    {
      struct argv script_args = argv_new ();

      ASSERT (arg);

      /* Set only for the script path, after any plugin call above. */
      setenv_str (es, "script_type", script_type);

      /* "%sc" is presumably argv_printf's conversion that splits command
         into separate argv entries - confirm in argv_printf. */
      argv_printf (&script_args,
                   "%sc %s %d %d %s %s %s",
                   command,
                   arg,
                   tun_mtu, link_mtu,
                   ifconfig_local, ifconfig_remote,
                   context);

      /* The full command line is logged at M_INFO before it is executed. */
      argv_msg (M_INFO, &script_args);
      openvpn_run_script (&script_args, es, S_FATAL, "--up/--down");

      argv_reset (&script_args);
    }

  gc_free (&gc);
}